The NSA says that any users operating websites and online services that use OpenSSL versions 1.0.1 through 1.0.1f should immediately update it, to patch the “serious vulnerability.”

Furthermore, the NSA advises regular Internet users to contact directly the providers of online services or developers of operating systems that may be affected by Heartbleed in order to inform them about the security risk – although considering the amount of media coverage Heartbleed received, it’s likely that many Internet companies are well aware of the issue.

Finally, the agency advises users to change their passwords immediately once an online service affected by the OpenSSL bug has been patched in order to avoid any further issues.

All in all, this isn’t the first time these pointers on how to deal with Heartbleed have been given to users, but this time around it’s the NSA sending out instructions for mitigating the “Heartbeat Extension Vulnerability.”